Documentation
Index
- Constants
- Variables
- func ExtractTypes(credential vc.VerifiableCredential) []string
- func FindValidatorAndBuilder(credential vc.VerifiableCredential) (Validator, Builder)
- func ValidExplicitNutsAuthorizationCredential() *vc.VerifiableCredential
- func Validate(credential vc.VerifiableCredential) error
- func ValidateRevocation(r Revocation) error
- type BaseCredentialSubject
- type Builder
- type Evidence
- type LegalBase
- type NutsAuthorizationCredentialSubject
- type NutsOrganizationCredentialSubject
- type Resource
- type Revocation
- type Validator
Constants
const (
	// NutsOrganizationCredentialType is the VC type for a NutsOrganizationCredential
	NutsOrganizationCredentialType = "NutsOrganizationCredential"
	// NutsAuthorizationCredentialType is the VC type for a NutsAuthorizationCredential
	NutsAuthorizationCredentialType = "NutsAuthorizationCredential"
	// NutsContext is the nuts specific json-ld context
	NutsContext = "https://nuts.nl/credentials/v1"
)
Variables
var (
	// NutsOrganizationCredentialTypeURI is the VC type for a NutsOrganizationCredentialType as URI
	NutsOrganizationCredentialTypeURI, _ = ssi.ParseURI(NutsOrganizationCredentialType)
	// NutsAuthorizationCredentialTypeURI is the VC type for a NutsAuthorizationCredentialType as URI
	NutsAuthorizationCredentialTypeURI, _ = ssi.ParseURI(NutsAuthorizationCredentialType)
	// NutsContextURI is the nuts specific json-ld context as URI
	NutsContextURI, _ = ssi.ParseURI(NutsContext)
)
var ErrValidation = errors.New("validation failed")
ErrValidation is a common error indicating validation failed
var RevocationType = ssi.MustParseURI("CredentialRevocation")
RevocationType contains the JSON-LD type for a revocation
Functions
func ExtractTypes
func ExtractTypes(credential vc.VerifiableCredential) []string
ExtractTypes extracts the additional VC types from the VC as strings. It removes the default `VerifiableCredential` type from the types and returns the rest.
func FindValidatorAndBuilder
func FindValidatorAndBuilder(credential vc.VerifiableCredential) (Validator, Builder)
FindValidatorAndBuilder finds the Validator and Builder for the credential type. It only supports VCs with one additional type next to the default VerifiableCredential type. When no additional type is provided, it returns the default validator and a nil builder.
func ValidExplicitNutsAuthorizationCredential
func ValidExplicitNutsAuthorizationCredential() *vc.VerifiableCredential
func Validate
func Validate(credential vc.VerifiableCredential) error
Validate the default fields. This is credential type independent.
func ValidateRevocation
func ValidateRevocation(r Revocation) error
ValidateRevocation checks if a revocation record contains the required fields and if fields have the correct value.
Types
type BaseCredentialSubject
type BaseCredentialSubject struct {
	ID string `json:"id"`
}
BaseCredentialSubject defines the CredentialSubject struct for fields that are shared amongst all CredentialSubjects
type Builder
type Builder interface {
	// Type returns the matching Verifiable Credential type
	Type() string
	// Fill sets the defaults for common fields
	Fill(vc *vc.VerifiableCredential)
}
Builder is an abstraction for extending a partial VC into a fully valid VC
type Evidence
type Evidence struct {
	// Path is the relative path (relative to the FHIR base path of the mentioned service)
	Path string `json:"path"`
	// Type indicates the MIME type of the resource.
	Type string `json:"type"`
}
Evidence is part of the NutsAuthorizationCredential credentialSubject.legalBase
type LegalBase
type LegalBase struct {
	// ConsentType defines the type of consent that has been given (implied or explicit)
	ConsentType string `json:"consentType"`
	// Evidence contains a link to a resource when ConsentType == 'explicit'
	Evidence *Evidence `json:"evidence"`
}
LegalBase is part of the NutsAuthorizationCredential credentialSubject
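The relationship between consentType and evidence described in the struct comments above, as an added Go example that is not part of this package. CheckLegalBase and errLegalBase are hypothetical names, and the rules enforced (only "implied" or "explicit" accepted, explicit consent requires evidence with a non-empty path and type) are assumptions drawn from those comments, not the package's own validator.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Local copies of the Evidence and LegalBase structs documented on this page.
type Evidence struct {
	Path string `json:"path"`
	Type string `json:"type"`
}

type LegalBase struct {
	ConsentType string    `json:"consentType"`
	Evidence    *Evidence `json:"evidence"`
}

// errLegalBase is a hypothetical sentinel error for this example.
var errLegalBase = errors.New("invalid legalBase")

// CheckLegalBase is a hypothetical helper, not part of the package API.
// Assumed rules: consentType is "implied" or "explicit", and explicit
// consent carries evidence with a non-empty path and type.
func CheckLegalBase(raw []byte) error {
	var lb LegalBase
	if err := json.Unmarshal(raw, &lb); err != nil {
		return fmt.Errorf("%w: %v", errLegalBase, err)
	}
	switch lb.ConsentType {
	case "implied":
		return nil
	case "explicit":
		if lb.Evidence == nil || lb.Evidence.Path == "" || lb.Evidence.Type == "" {
			return fmt.Errorf("%w: explicit consent without complete evidence", errLegalBase)
		}
		return nil
	}
	// Fail closed on a missing or unknown consent type (comparison is case-sensitive).
	return fmt.Errorf("%w: unsupported consentType %q", errLegalBase, lb.ConsentType)
}

func main() {
	// Constructed sample input, not taken from a real credential.
	fmt.Println(CheckLegalBase([]byte(`{"consentType":"explicit"}`)))
}
```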
type NutsAuthorizationCredentialSubject
type NutsAuthorizationCredentialSubject struct {
	// ID contains the DID of the subject
	ID string `json:"id"`
	// LegalBase contains information about the type of consent that is the basis for the authorization.
	LegalBase LegalBase `json:"legalBase"`
	// PurposeOfUse refers to the Bolt access policy
	PurposeOfUse string `json:"purposeOfUse"`
	// Resources contains additional individual resources that can be accessed.
	Resources []Resource `json:"resources"`
	// Subject contains a URN referring to the subject of care (not the credential subject)
	Subject *string `json:"subject"`
}
NutsAuthorizationCredentialSubject defines the CredentialSubject struct for the NutsAuthorizationCredential
type NutsOrganizationCredentialSubject
type NutsOrganizationCredentialSubject struct {
	ID           string            `json:"id"`
	Organization map[string]string `json:"organization"`
}
NutsOrganizationCredentialSubject defines the CredentialSubject struct for the NutsOrganizationCredential
type Resource
type Resource struct {
	// Path defines the path of the resource relative to the service base URL.
	// Which service acts as base URL is described by the Bolt.
	Path string `json:"path"`
	// Operations define which operations are allowed on the resource.
	Operations []string `json:"operations"`
	// UserContext defines if a user login contract is required for the resource.
	UserContext bool `json:"userContext"`
}
Resource defines a single accessible resource
type Revocation
type Revocation struct {
	// Context contains the json-ld contexts
	Context []ssi.URI `json:"@context,omitempty"`
	// Type contains the json-ld type, usually this is CredentialRevocation
	Type []ssi.URI `json:"type,omitempty"`
	// Issuer refers to the party that issued the credential
	Issuer ssi.URI `json:"issuer"`
	// Subject refers to the VC that is revoked
	Subject ssi.URI `json:"subject"`
	// Reason describes why the VC has been revoked
	Reason string `json:"reason,omitempty"`
	// Date is an RFC 3339 formatted datetime.
	Date time.Time `json:"date"`
	// Proof contains the cryptographic proof(s). It must be extracted using the Proofs method or UnmarshalProofValue method for non-generic proof fields.
	Proof *vc.JSONWebSignature2020Proof `json:"proof,omitempty"`
}
Revocation defines a proof that a VC has been revoked by its issuer.
func BuildRevocation
func BuildRevocation(credential vc.VerifiableCredential) Revocation
BuildRevocation generates a revocation based on the credential
type Validator
type Validator interface {
	// Validate the given credential according to the rules of the VC type.
	Validate(credential vc.VerifiableCredential) error
}
Validator is the interface for type-specific VC verification. Every VC will have its own rules of verification.